Hello, the iptables that I created for my Ubuntu server has a global deny rule that prevents Ubuntu from accessing the internet, and prevents Windows computers on the network from seeing the Samba share I created. I have tried to use tcpdump to see what exactly I need to allow through the firewall, but the data is overwhelming. How can I parse the tcpdump information to show me what Ubuntu is doing, and what I need to allow? I'm completely new to this; I only learned Samba, iptables, vim, and pretty much Ubuntu in general in the last few days. That said, I can follow instructions and references fairly well.
My current iptables.rules:
Code:
# Generated by iptables-save v1.4.12 on Sun Feb 24 11:30:47 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
##### Accept established traffic & loopback traffic
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
##### Accept Samba traffic from local network
-A INPUT -p udp -s 192.168.0.0/24 -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -s 192.168.0.0/24 -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
##### Accept SSH connections only from Viki
-A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m mac --mac-source 1C:6F:65:C6:5D:37 -m tcp --dport 22 -j ACCEPT
##### Accept Minecraft from local network only, for now
-A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 25565 -j ACCEPT
##### Reject all other INPUT traffic
#-A INPUT -j REJECT
##### Reject all forwarded traffic
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
###### Allow OUTPUT on port 80
-A OUTPUT -d 91.189.92.200/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -d 91.189.91.13/32 -p tcp -m tcp --dport 80 -j ACCEPT
##### Allow Ubuntu to access update sites
-A OUTPUT -p tcp --dport 80 -d security.ubuntu.com -j ACCEPT
-A OUTPUT -p tcp --dport 80 -d us.archive.ubuntu.com -j ACCEPT
##### Allow any OUTPUT traffic on the network
-A OUTPUT -d 192.168.0.0/24 -j ACCEPT
##### Reject all other OUTPUT traffic
#-A OUTPUT -j REJECT
COMMIT
# Completed on Sun Feb 24 11:30:47 2013
I just need a way to find out what it is I'm not allowing through so that I can uncomment my global deny rules for INPUT and OUTPUT. My end goal is to lock this server to the exact minimum necessary. Thanks in advance!
So I just installed and ran Wireshark on my Ubuntu VM, and then connected my Windows 7 computer and played a show over the network (from Ubuntu to Windows). Wireshark showed 1700 packets in about 15 seconds; is that right? They were all between two IP addresses, which are the VM and host, I'm guessing.
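Rather than reading every packet in tcpdump or Wireshark, one way to find out exactly what the two commented-out REJECT rules would block is to let the firewall log it: a rate-limited LOG rule placed directly above each REJECT writes one kernel-log line per matched packet, and a short awk script counts those lines by direction, protocol and destination port. This is an added example, not part of the original post; the "IPT-IN: " / "IPT-OUT: " prefixes, the rate limits and the sample log lines (203.0.113.53 is a documentation address standing in for an off-LAN DNS resolver) are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The LOG target records what the
# global deny rules would hit without actually dropping anything yet, so the
# ruleset can be tightened step by step while the machine keeps working.

# Lines to insert in iptables.rules directly above "#-A INPUT -j REJECT" and
# "#-A OUTPUT -j REJECT", then reload with iptables-restore. The limit keeps
# a noisy scan from filling the log (assumed values; raise them while testing).
print_log_rules() {
    cat <<'EOF'
-A INPUT  -m limit --limit 30/min --limit-burst 50 -j LOG --log-prefix "IPT-IN: "
-A OUTPUT -m limit --limit 30/min --limit-burst 50 -j LOG --log-prefix "IPT-OUT: "
EOF
}

# Read kernel-log lines on stdin (e.g. grep IPT- /var/log/kern.log) and print
# "<count> <direction> <proto> <dport> <dst>", loudest blocked flow first.
# Protocols without ports (ICMP) get "-" as the port so they still show up.
summarize_blocked() {
    awk '
    /IPT-(IN|OUT):/ {
        dir = ""; proto = "?"; dpt = "-"; dst = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IPT-/)        { dir = $i; sub(/^IPT-/, "", dir); sub(/:$/, "", dir) }
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
        }
        count[dir " " proto " " dpt " " dst]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample lines in the format the LOG target writes: two blocked DNS
# queries to an external resolver and one blocked ping from a LAN Windows box.
SAMPLE_LOG='Feb 24 11:35:02 srv kernel: [ 12.3] IPT-OUT: IN= OUT=eth0 SRC=192.168.0.10 DST=203.0.113.53 LEN=60 TTL=64 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 24 11:35:03 srv kernel: [ 12.4] IPT-OUT: IN= OUT=eth0 SRC=192.168.0.10 DST=203.0.113.53 LEN=60 TTL=64 PROTO=UDP SPT=40001 DPT=53 LEN=40
Feb 24 11:35:04 srv kernel: [ 12.5] IPT-IN: IN=eth0 OUT= SRC=192.168.0.20 DST=192.168.0.10 LEN=60 TTL=128 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=7'

# Run on the constructed sample; on the real server pipe the kernel log instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
```

Each output line maps directly to one missing ACCEPT rule (here: UDP 53 outbound, and ICMP echo from the LAN if you want the share host to answer pings); once the summary is empty for normal use, the REJECT rules can be uncommented.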